Vulnerabilites related to fortinet - fortirecorder_firmware
Vulnerability from fkie_nvd
Published
2022-07-18 17:15
Modified
2024-11-21 06:28
Severity ?
4.3 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
4.3 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
4.3 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Summary
An integer overflow / wraparound vulnerability [CWE-190] in FortiSwitch 7.0.2 and below, 6.4.9 and below, 6.2.x, 6.0.x; FortiRecorder 6.4.2 and below, 6.0.10 and below; FortiOS 7.0.2 and below, 6.4.8 and below, 6.2.10 and below, 6.0.x; FortiProxy 7.0.0, 2.0.6 and below, 1.2.x, 1.1.x, 1.0.x; FortiVoiceEnterprise 6.4.3 and below, 6.0.10 and below dhcpd daemon may allow an unauthenticated and network adjacent attacker to crash the dhcpd deamon, resulting in potential denial of service.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@fortinet.com | https://fortiguard.com/psirt/FG-IR-21-155 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://fortiguard.com/psirt/FG-IR-21-155 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "22936F53-4480-4011-9211-174D1C507E87",
"versionEndIncluding": "1.0.7",
"versionStartIncluding": "1.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E6BBF05F-4967-4A2E-A8F8-C2086097148B",
"versionEndIncluding": "1.1.6",
"versionStartIncluding": "1.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "33B84D9A-55E3-4146-A55A-ACB507E61B05",
"versionEndIncluding": "1.2.13",
"versionStartIncluding": "1.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3902676A-4F5F-4C6A-A22D-DEF5EB4C0543",
"versionEndIncluding": "2.0.6",
"versionStartIncluding": "2.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fortinet:fortiproxy:7.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D909C90B-E136-4E8E-B551-FE0369172C1E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fortinet:fortivoice:5.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "53151CA2-647D-4E40-9247-C0F4E6CB680B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fortinet:fortivoice:5.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AA5C8467-1765-434E-8C11-65D3139459EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fortinet:fortivoice:5.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9D9ECD0B-C46E-485B-AA41-40B9C2A90547",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fortinet:fortivoice:5.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "EC948E98-B48D-499B-8FD1-4B75754D2B78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fortinet:fortivoice:5.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "668FED55-7378-487E-BE00-C33A45076F02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fortinet:fortivoice:5.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "787C3018-40FA-415C-AF4C-D178AC4FB65E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fortinet:fortivoice:5.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "4F35AB98-B0CD-4B04-992E-087054FCF91F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fortinet:fortivoice:5.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "91BF8703-2835-4895-A347-74B6E9A2FA30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fortinet:fortivoice:5.3.8:*:*:*:*:*:*:*",
"matchCriteriaId": "C94723AB-6BBE-4F5E-9560-5ECBE3A809A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fortinet:fortivoice:5.3.10:*:*:*:*:*:*:*",
"matchCriteriaId": "E13ECB66-4AC4-4C1F-92DE-9C8788DD5379",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fortinet:fortivoice:5.3.11:*:*:*:*:*:*:*",
"matchCriteriaId": "640AC3C4-9529-4796-A2B7-E15C9AB520DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fortinet:fortivoice:5.3.12:*:*:*:*:*:*:*",
"matchCriteriaId": "11C09ED8-BEDB-4EAA-B55B-CD8F81FC74CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fortinet:fortivoice:5.3.13:*:*:*:*:*:*:*",
"matchCriteriaId": "4C31FB79-990A-403F-8479-A531837C7A79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fortinet:fortivoice:5.3.14:*:*:*:*:*:*:*",
"matchCriteriaId": "BBFE82DC-E7BF-440A-A91E-00E5E4613592",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fortinet:fortivoice:5.3.15:*:*:*:*:*:*:*",
"matchCriteriaId": "67411CD4-56F9-4300-BA76-87227EE5CB5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fortinet:fortivoice:5.3.16:*:*:*:*:*:*:*",
"matchCriteriaId": "B7AE39C3-77E7-4BF0-AEA7-186A12DDC965",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fortinet:fortivoice:5.3.17:*:*:*:*:*:*:*",
"matchCriteriaId": "C49169A3-E7D2-4A4F-8729-551CCB33452A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fortinet:fortivoice:5.3.18:*:*:*:*:*:*:*",
"matchCriteriaId": "DFC7D4A9-9143-4055-BAA2-E6093B5ED085",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fortinet:fortivoice:5.3.19:*:*:*:*:*:*:*",
"matchCriteriaId": "280D0F29-9BBC-4F39-91D3-C26EBAEEFC4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fortinet:fortivoice:5.3.20:*:*:*:*:*:*:*",
"matchCriteriaId": "47E2D164-490D-40F2-925B-C1DF2D8905F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fortinet:fortivoice:5.3.21:*:*:*:*:*:*:*",
"matchCriteriaId": "17FA9D1F-22C3-4B66-89C9-68EF40D7B128",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fortinet:fortivoice:5.3.22:*:*:*:*:*:*:*",
"matchCriteriaId": "294F7FEE-D8A0-4B6A-ACF4-539F558BAAF0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fortinet:fortivoice:5.3.23:*:*:*:*:*:*:*",
"matchCriteriaId": "DE63E91F-43C9-4878-8ABF-43D6FA243B6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fortinet:fortivoice:5.3.24:*:*:*:*:*:*:*",
"matchCriteriaId": "21E72112-DD6F-4F04-B7A6-32F4A3CD652C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fortinet:fortivoice:5.3.25:*:*:*:*:*:*:*",
"matchCriteriaId": "0E46A71A-CC32-4FB9-B291-9D5213F2512B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fortinet:fortivoice:5.3.26:*:*:*:*:*:*:*",
"matchCriteriaId": "86D2A710-4758-4B86-82C8-D3DDFD082935",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fortinet:fortivoice:6.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C717350D-43D2-41A4-9AA9-F8EA4F5480CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fortinet:fortivoice:6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4FDD21BC-FD00-4CF5-B093-1E6E9DAC9613",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fortinet:fortivoice:6.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C68C2594-036C-40E0-BAC5-78945229746C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fortinet:fortivoice:6.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2917F59F-366B-434E-9CCB-1B734396932A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fortinet:fortivoice:6.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D1139A66-DE22-4D31-A17F-E0A7BB4111D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fortinet:fortivoice:6.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "DC8B76AF-0BF0-4283-90B1-48D877CF69A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fortinet:fortivoice:6.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "DDC98DF7-9441-4F7B-9B01-36A5F63BD401",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fortinet:fortivoice:6.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "3BA095F4-1B52-40B2-ADFE-19699C2F9E6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fortinet:fortivoice:6.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "0BF91792-6CFF-4069-826D-E252CF9CFB84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fortinet:fortivoice:6.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "41C9826B-C2E2-4A10-AC6F-CDFDBE837049",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fortinet:fortivoice:6.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "065C0602-8785-404F-8DD5-EC884F0AC372",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fortinet:fortivoice:6.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9BD90D01-091F-42BC-AC76-45A582873EDF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fortinet:fortivoice:6.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9B920B4C-96A2-4341-8F19-8E08A583FEAE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fortinet:fortivoice:6.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9E9E1371-6C7B-4E98-B34A-9D03C6636CCD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fortinet:fortivoice:6.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "148EFCE2-1EBA-4673-98D2-86095564B727",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortios:5.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1668AE14-D9A4-4B7D-BC3F-75885792875A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortios:5.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9E0F3B9B-A06F-4A96-B2E7-9DC56E629182",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortios:5.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "50F8AE97-A647-4A37-8EF2-BC0BBCC8EADD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortios:5.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "377A2F0B-2A58-4C2C-B546-3178B353484B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortios:5.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "20EBDFD4-45A0-47CC-817E-48E84F945402",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortios:5.4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "8C9CDB2B-E454-4B91-9A47-615F31F1A3D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortios:5.4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "71148DC5-10A4-48C3-AD65-967F66B6078C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortios:5.4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "6A08987A-D448-4E46-ACB5-DF38CDBDD55B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortios:5.4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "C0A35CD0-765F-48BD-A450-E78F213518B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortios:5.4.9:*:*:*:*:*:*:*",
"matchCriteriaId": "F8492560-24C1-43B6-A420-068FA9E3C496",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortios:5.4.10:*:*:*:*:*:*:*",
"matchCriteriaId": "EE5A3D4C-EF73-4676-A5E3-4008E7AF068D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortios:5.4.11:*:*:*:*:*:*:*",
"matchCriteriaId": "BE267898-AB2B-452E-B219-E0E6885DC5A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortios:5.4.12:*:*:*:*:*:*:*",
"matchCriteriaId": "6F223989-D906-4B0E-B54B-3D2639745837",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortios:5.4.13:*:*:*:*:*:*:*",
"matchCriteriaId": "E1DC5908-9E16-4D12-9F48-AE921ED0D8C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortios:5.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9A3BE3F8-9157-461C-8E3A-ABFA728B7DB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortios:5.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6C7AEE7B-AB79-462A-BEEF-6EEC558FB8C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortios:5.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "ADEC69D2-AA57-464C-B59E-585566CCFE34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortios:5.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "521E94FB-8CB3-486B-A882-49F0ACBAC502",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortios:5.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F29537A6-456D-41B4-94D6-2FBA9DA3CC2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortios:5.6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "82AF3064-9B75-471E-9ADB-F55B64E453BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortios:5.6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "BC71169D-0BF3-40BC-8460-A0906B1F21F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortios:5.6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "4EC7B4D7-9F3A-43FC-930E-AC55E34A94EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortios:5.6.8:*:*:*:*:*:*:*",
"matchCriteriaId": "48B877ED-AF81-42B1-9E88-2CD4831C6D38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortios:5.6.9:*:*:*:*:*:*:*",
"matchCriteriaId": "934A3FB3-97A1-4981-BB15-ABBFD273D79F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortios:5.6.10:*:*:*:*:*:*:*",
"matchCriteriaId": "722B3D73-504E-40EB-B8FB-9F3D9A3B6DB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortios:5.6.11:*:*:*:*:*:*:*",
"matchCriteriaId": "CBBDD272-D412-4DF5-A823-76D0C0C036C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortios:5.6.12:*:*:*:*:*:*:*",
"matchCriteriaId": "3794902F-7A0C-4EA3-B0E3-959D118ABE47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortios:5.6.13:*:*:*:*:*:*:*",
"matchCriteriaId": "7EE0B7E1-0D61-48C2-ADDB-E009ACBEE084",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortios:5.6.14:*:*:*:*:*:*:*",
"matchCriteriaId": "01048DC4-07BB-4689-A7E8-F0CC4F50718D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortios:6.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3907C1C9-EAEB-4287-82DA-06F242DEA639",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortios:6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "52A0DB21-C876-4DD3-95ED-8BA0483F0BD4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortios:6.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "20A322D8-C0F0-4F31-81F5-94A12B2B88F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortios:6.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "ABCB90C9-976A-4D85-A84D-A6970E9C11A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortios:6.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "92CA4075-BA53-415E-9348-C4D3F93A683C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortios:6.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "363F14B5-66AC-4CA2-A11B-E1D70C307C69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortios:6.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "2BF39DA1-D854-4540-B410-3ECD5A83E95A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortios:6.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "C552DD33-EAC7-472E-9A1B-4BAF558D7DE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortios:6.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "59D90493-FB83-43F0-A576-C90AE7775313",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortios:6.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "03B8E997-3D10-48D2-8FCF-34B8A976A944",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortios:6.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6AF1FA-A034-439A-876B-BFA1BE7DE15E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortios:6.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "F54D5CC0-D4F4-4F8C-8CD9-A7456ED226F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortios:6.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "E76E7EE1-0B07-4B56-A069-AF3B5BBCB79E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortios:6.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "532A62AB-40C5-4C12-8079-EABCA583DB97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortios:6.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "64AC05A1-EF48-4282-BB3C-ED60E45CEEBD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortios:6.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "72C437B7-75F8-4DDC-9670-19E2C21ACB27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortios:6.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B468AF9F-1619-4399-A1A5-115C26FB01DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortios:6.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4929DC17-1B20-432D-AEDA-3B3213DC6022",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortios:6.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2625D2C3-A5DE-446A-B551-825B2B24EE92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortios:6.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9694FC0C-408A-4892-ADD1-F36F4BBBD9EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortios:6.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E8C5783F-CE5B-4B8F-AF7C-C182B3ED3EAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortios:6.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "2B8A132F-601F-4129-BFCA-3A976A711D5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortios:6.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "90600B14-07C4-455D-9FC1-17034D91B987",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortios:6.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "953B6278-878B-4B17-8AA2-641A0604F14A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortios:6.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "4739957D-6605-4F88-AF5F-144598270928",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortios:6.2.10:*:*:*:*:*:*:*",
"matchCriteriaId": "AF22D78B-ED8E-42A1-8F0C-F4B52B084B60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortios:6.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1C6E45EB-4C8C-4777-9200-08B14595A3A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortios:6.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9D114536-7169-4814-B011-570E3AD86A3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortios:6.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B28478DA-8D10-4A8E-81EA-D3DF421E5089",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortios:6.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4C423AC8-4AA2-426E-8F76-7E5B3CDF82BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortios:6.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "43906627-A03E-42EA-9923-DECBAE34A818",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortios:6.4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "6E77E34E-9E3F-4022-9969-6DCEDAD1590A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortios:6.4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "C2F935F9-5B6A-47C2-8F65-7A1E8BB061FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortios:6.4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "91C045DF-72E9-4B33-B990-6BA25EDA7209",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "79FEE7F6-F72E-4A43-883C-0CF492DF355B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortios:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FBDFDF02-2136-4DE0-A19B-FE3654ED90A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortios:7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "49D51C9F-CED3-4EA0-89EB-3A63F54B10E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortirecorder_firmware:6.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "ADC427FF-F227-401D-8F41-8B3268D577CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortirecorder_firmware:6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "73DADA28-4371-4639-AB3D-BA82F365A337",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortirecorder_firmware:6.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "04DB567F-A4D9-483F-83CB-8807EEF6FB07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortirecorder_firmware:6.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6FBADF2A-2C17-4D37-8315-3B003854AE77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortirecorder_firmware:6.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "EC2673E9-3227-4EAC-9ECD-6576A575F4A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortirecorder_firmware:6.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4742E76F-3030-45F6-A54B-B337D3C6705B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortirecorder_firmware:6.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "056CF29E-1953-4B25-8247-E9A59F511890",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortirecorder_firmware:6.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "9D9CC045-D163-417F-B8AB-DC07352B81C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortirecorder_firmware:6.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "962B9BAB-7414-4E6B-AF5D-F7BB0951229C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortirecorder_firmware:6.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "94283031-0C2F-46B3-BAFE-69900C5DB9CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortirecorder_firmware:6.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "0EA67378-E9BC-4BAE-856D-FEDB42104406",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortirecorder_firmware:6.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8A4BEB4C-396B-44AB-8E27-357A650A5764",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortirecorder_firmware:6.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "53DC5E3E-C08C-4491-9650-0781C4327225",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortirecorder_firmware:6.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "484F6C79-3498-45E3-BF74-CF6075E7D31A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortiswitch:*:*:*:*:*:*:*:*",
"matchCriteriaId": "843F4434-651D-4A22-80C3-77397E059A98",
"versionEndIncluding": "6.0.7",
"versionStartIncluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortiswitch:*:*:*:*:*:*:*:*",
"matchCriteriaId": "549EE910-DAC4-45B7-AE45-6B6A786CD2F5",
"versionEndIncluding": "6.2.7",
"versionStartIncluding": "6.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortiswitch:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0A13E485-2362-4AC0-9B8E-41998257B31F",
"versionEndIncluding": "6.4.9",
"versionStartIncluding": "6.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortiswitch:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A44AA3D5-FE43-429E-B238-0954D83778A4",
"versionEndIncluding": "7.0.2",
"versionStartIncluding": "7.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An integer overflow / wraparound vulnerability [CWE-190] in FortiSwitch 7.0.2 and below, 6.4.9 and below, 6.2.x, 6.0.x; FortiRecorder 6.4.2 and below, 6.0.10 and below; FortiOS 7.0.2 and below, 6.4.8 and below, 6.2.10 and below, 6.0.x; FortiProxy 7.0.0, 2.0.6 and below, 1.2.x, 1.1.x, 1.0.x; FortiVoiceEnterprise 6.4.3 and below, 6.0.10 and below dhcpd daemon may allow an unauthenticated and network adjacent attacker to crash the dhcpd deamon, resulting in potential denial of service."
},
{
"lang": "es",
"value": "Una vulnerabilidad de desbordamiento de enteros / wraparound [CWE-190] en FortiSwitch versiones 7.0.2 y anteriores, 6.4.9 y anteriores, 6.2.x, 6.0.x; FortiRecorder 6.4.2 y anteriores, 6.0.10 y anteriores; FortiOS 7.0.2 y anteriores, 6.4.8 y anteriores, 6.2.10 y anteriores, 6.0.x; FortiProxy 7. 0.0, 2.0.6 y anteriores, 1.2.x, 1.1.x, 1.0.x; FortiVoiceEnterprise 6.4.3 y anteriores, 6.0.10 y anteriores, dhcpd daemon puede permitir a un atacante no autenticado y adyacente a la red bloquear el dhcpd deamon, resultando en una potencial denegaci\u00f3n de servicio"
}
],
"id": "CVE-2021-42755",
"lastModified": "2024-11-21T06:28:06.293",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "psirt@fortinet.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-07-18T17:15:08.413",
"references": [
{
"source": "psirt@fortinet.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://fortiguard.com/psirt/FG-IR-21-155"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://fortiguard.com/psirt/FG-IR-21-155"
}
],
"sourceIdentifier": "psirt@fortinet.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-190"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-03-07 17:15
Modified
2024-11-21 06:46
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
An incomplete filtering of one or more instances of special elements vulnerability [CWE-792] in the command line interpreter of FortiWeb version 6.4.0 through 6.4.1, FortiWeb version 6.3.0 through 6.3.17, FortiWeb all versions 6.2, FortiWeb all versions 6.1, FortiWeb all versions 6.0, FortiRecorder version 6.4.0 through 6.4.3, FortiRecorder all versions 6.0, FortiRecorder all versions 2.7 may allow an authenticated user to read arbitrary files via specially crafted command arguments.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@fortinet.com | https://fortiguard.com/psirt/FG-IR-21-218 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://fortiguard.com/psirt/FG-IR-21-218 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DA69D7D6-9798-4E8C-983A-6632D665175C",
"versionEndIncluding": "6.0.8",
"versionStartIncluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FAA01761-B03C-498C-8749-CD1289E37A08",
"versionEndIncluding": "6.1.3",
"versionStartIncluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2DBCF4EF-986E-4F59-8D6D-01AB0D783091",
"versionEndIncluding": "6.2.7",
"versionStartIncluding": "6.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A846394C-F57F-432B-AEE0-F2FB576A55FA",
"versionEndIncluding": "6.3.17",
"versionStartIncluding": "6.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AF5ED7B3-39F3-49FD-82D9-72CAB2D68636",
"versionEndIncluding": "6.4.3",
"versionStartIncluding": "6.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortirecorder_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1D08AB84-92D4-4E2E-A1C6-F6C9856E81B4",
"versionEndIncluding": "2.7.7",
"versionStartIncluding": "2.7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortirecorder_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5CE6D7BA-0B60-42EF-BDE0-1E548794C145",
"versionEndIncluding": "6.0.12",
"versionStartIncluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortirecorder_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E50EDA13-6FCE-4D96-9B3B-80D3B5814202",
"versionEndIncluding": "6.4.3",
"versionStartIncluding": "6.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An incomplete filtering of one or more instances of special elements vulnerability [CWE-792] in the command line interpreter of FortiWeb version 6.4.0 through 6.4.1, FortiWeb version 6.3.0 through 6.3.17, FortiWeb all versions 6.2, FortiWeb all versions 6.1, FortiWeb all versions 6.0, FortiRecorder version 6.4.0 through 6.4.3, FortiRecorder all versions 6.0, FortiRecorder all versions 2.7 may allow an authenticated user to read arbitrary files via specially crafted command arguments."
}
],
"id": "CVE-2022-22297",
"lastModified": "2024-11-21T06:46:35.323",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "psirt@fortinet.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-03-07T17:15:11.707",
"references": [
{
"source": "psirt@fortinet.com",
"tags": [
"Vendor Advisory"
],
"url": "https://fortiguard.com/psirt/FG-IR-21-218"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://fortiguard.com/psirt/FG-IR-21-218"
}
],
"sourceIdentifier": "psirt@fortinet.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-792"
}
],
"source": "psirt@fortinet.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-03-07 17:15
Modified
2024-11-21 07:23
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
An uncontrolled resource consumption vulnerability [CWE-400] in FortiRecorder version 6.4.3 and below, 6.0.11 and below login authentication mechanism may allow an unauthenticated attacker to make the device unavailable via crafted GET requests.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| fortinet | fortirecorder_firmware | * | |
| fortinet | fortirecorder_firmware | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fortinet:fortirecorder_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "773125D4-60A6-47B4-A930-27F105D8319F",
"versionEndIncluding": "6.0.11",
"versionStartIncluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortirecorder_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E50EDA13-6FCE-4D96-9B3B-80D3B5814202",
"versionEndIncluding": "6.4.3",
"versionStartIncluding": "6.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An uncontrolled resource consumption vulnerability [CWE-400] in FortiRecorder version 6.4.3 and below, 6.0.11 and below login authentication mechanism may allow an unauthenticated attacker to make the device unavailable via crafted GET requests."
}
],
"id": "CVE-2022-41333",
"lastModified": "2024-11-21T07:23:04.350",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "psirt@fortinet.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-03-07T17:15:12.233",
"references": [
{
"source": "psirt@fortinet.com",
"url": "http://packetstormsecurity.com/files/171766/FortiRecorder-6.4.3-Denial-Of-Service.html"
},
{
"source": "psirt@fortinet.com",
"tags": [
"Vendor Advisory"
],
"url": "https://fortiguard.com/psirt/FG-IR-22-388"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://packetstormsecurity.com/files/171766/FortiRecorder-6.4.3-Denial-Of-Service.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://fortiguard.com/psirt/FG-IR-22-388"
}
],
"sourceIdentifier": "psirt@fortinet.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "psirt@fortinet.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-08-23 20:15
Modified
2024-11-21 04:46
Severity ?
Summary
Use of Hard-coded Credentials vulnerability in FortiRecorder all versions below 2.7.4 may allow an unauthenticated attacker with knowledge of the aforementioned credentials and network access to FortiCameras to take control of those, provided they are managed by a FortiRecorder device.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@fortinet.com | https://fortiguard.com/advisory/FG-IR-19-185 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://fortiguard.com/advisory/FG-IR-19-185 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| fortinet | fortirecorder_firmware | * | |
| fortinet | fortirecorder_100d | - | |
| fortinet | fortirecorder_200d | - | |
| fortinet | fortirecorder_400d | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fortinet:fortirecorder_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2D383C63-3EE9-4285-8234-CD9ABDEDCFB4",
"versionEndExcluding": "2.7.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:fortinet:fortirecorder_100d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A46FAC06-A480-4DA2-94CA-F62E375FE852",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:fortinet:fortirecorder_200d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "22C395A3-045D-49A1-8388-7279BB812F50",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:fortinet:fortirecorder_400d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A83F3798-7188-498A-95A7-FF4FB3EEC63A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Use of Hard-coded Credentials vulnerability in FortiRecorder all versions below 2.7.4 may allow an unauthenticated attacker with knowledge of the aforementioned credentials and network access to FortiCameras to take control of those, provided they are managed by a FortiRecorder device."
},
{
"lang": "es",
"value": "El uso de la vulnerabilidad de Credenciales codificadas en FortiRecorder en todas las versiones anteriores a 2.7.4 puede permitir que un atacante no autenticado con conocimiento de las credenciales mencionadas y el acceso a la red de FortiCameras tome el control de ellas, siempre que est\u00e9n administradas por un dispositivo FortiRecorder."
}
],
"id": "CVE-2019-6698",
"lastModified": "2024-11-21T04:46:58.520",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-08-23T20:15:10.427",
"references": [
{
"source": "psirt@fortinet.com",
"tags": [
"Vendor Advisory"
],
"url": "https://fortiguard.com/advisory/FG-IR-19-185"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://fortiguard.com/advisory/FG-IR-19-185"
}
],
"sourceIdentifier": "psirt@fortinet.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-798"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-12-08 11:15
Modified
2024-11-21 06:28
Severity ?
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
A buffer overflow [CWE-121] in the TFTP client library of FortiOS before 6.4.7 and FortiOS 7.0.0 through 7.0.2, may allow an authenticated local attacker to achieve arbitrary code execution via specially crafted command line arguments.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@fortinet.com | https://fortiguard.com/advisory/FG-IR-21-173 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://fortiguard.com/advisory/FG-IR-21-173 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| fortinet | fortiadc | * | |
| fortinet | fortiadc | * | |
| fortinet | fortianalyzer | * | |
| fortinet | fortianalyzer | * | |
| fortinet | fortimail | * | |
| fortinet | fortimail | * | |
| fortinet | fortimail | * | |
| fortinet | fortimanager | * | |
| fortinet | fortimanager | * | |
| fortinet | fortindr | * | |
| fortinet | fortios-6k7k | * | |
| fortinet | fortios-6k7k | 6.4.2 | |
| fortinet | fortios-6k7k | 6.4.6 | |
| fortinet | fortiportal | * | |
| fortinet | fortiproxy | * | |
| fortinet | fortiproxy | 7.0.0 | |
| fortinet | fortiproxy | 7.0.1 | |
| fortinet | fortivoice | * | |
| fortinet | fortivoice | * | |
| fortinet | fortiweb | * | |
| fortinet | fortiweb | 6.4.0 | |
| fortinet | fortiweb | 6.4.1 | |
| fortinet | fortios | * | |
| fortinet | fortios | * | |
| fortinet | fortios | * | |
| fortinet | fortios | * | |
| fortinet | fortirecorder_firmware | * | |
| fortinet | fortirecorder_firmware | * | |
| fortinet | fortiswitch | * | |
| fortinet | fortiswitch | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:fortinet:fortiadc:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D6DD5253-F76E-4799-BB45-79D7B7ACFFB1",
"versionEndIncluding": "6.1.5",
"versionStartIncluding": "5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fortinet:fortiadc:*:*:*:*:*:*:*:*",
"matchCriteriaId": "075C4223-7586-4799-AFA8-7B578BD144B5",
"versionEndIncluding": "6.2.2",
"versionStartIncluding": "6.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CF9AE101-566A-4460-AA97-18288BBD7639",
"versionEndIncluding": "6.4.7",
"versionStartIncluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CCEB8E5F-BBF2-4E6E-91C6-AA47E2CAD022",
"versionEndIncluding": "7.0.2",
"versionStartIncluding": "7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fortinet:fortimail:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3E2DC5CE-ED48-48B7-8654-7B29A65A7454",
"versionEndIncluding": "6.2.7",
"versionStartIncluding": "5.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fortinet:fortimail:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C0A5C345-7055-4F18-AE77-FF1DBE41AB89",
"versionEndIncluding": "6.4.6",
"versionStartIncluding": "6.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fortinet:fortimail:*:*:*:*:*:*:*:*",
"matchCriteriaId": "43038EC9-6FD3-488C-8CA3-8B4A705C3E11",
"versionEndIncluding": "7.0.2",
"versionStartIncluding": "7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "958C238F-B3DD-41A7-801D-0C39143A5E09",
"versionEndIncluding": "6.4.7",
"versionStartIncluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7C5772DB-7F52-479C-914D-778552395990",
"versionEndIncluding": "7.0.2",
"versionStartIncluding": "7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fortinet:fortindr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F49E4A60-2FA0-4298-BF2E-53C86AF21BEC",
"versionEndIncluding": "1.5.2",
"versionStartIncluding": "1.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fortinet:fortios-6k7k:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BEE493CA-7BE8-454A-82FD-11DB82D8FC3A",
"versionEndIncluding": "6.2.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fortinet:fortios-6k7k:6.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "59BD8EE9-6F94-4EA5-B22B-1B446A15F2A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fortinet:fortios-6k7k:6.4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "50BDB150-8E02-427D-A9FC-C7C3C90F0584",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fortinet:fortiportal:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9D4A0E2F-41C7-4AFB-AC6D-83E7B1A5FC70",
"versionEndIncluding": "6.0.10",
"versionStartIncluding": "5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CEBD9074-C3A5-437E-AC44-C41E4B001980",
"versionEndIncluding": "2.0.7",
"versionStartIncluding": "1.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fortinet:fortiproxy:7.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D909C90B-E136-4E8E-B551-FE0369172C1E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fortinet:fortiproxy:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BBCB4E87-0AEC-487E-8FAD-E8F647DA21D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fortinet:fortivoice:*:*:*:*:*:*:*:*",
"matchCriteriaId": "70E9D9A8-EFF1-4ABE-A04D-FD983443DD3A",
"versionEndIncluding": "6.0.10",
"versionStartIncluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fortinet:fortivoice:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E8611A25-64A1-4BCE-AA46-E47DFD607CB2",
"versionEndIncluding": "6.4.4",
"versionStartIncluding": "6.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1FEA2E8B-78B6-40AA-9201-BDF4838950CC",
"versionEndIncluding": "6.3.16",
"versionStartIncluding": "5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fortinet:fortiweb:6.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "74A92A08-E6F6-4522-A6DA-061950AD3525",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fortinet:fortiweb:6.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A6A3D2C4-C3FA-4E12-9156-DAFEA4E00BCC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BE1C5491-6C94-48A9-8D59-5162E576E54A",
"versionEndIncluding": "6.0.13",
"versionStartIncluding": "5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C4C0308D-8E52-456B-BFC2-62D4C1E9BDC3",
"versionEndIncluding": "6.2.9",
"versionStartIncluding": "6.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D183D979-7F73-4D02-91B7-D0C93DE55A8F",
"versionEndIncluding": "6.4.7",
"versionStartIncluding": "6.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F2E9D423-721A-482B-BA6B-52E4D8C07C58",
"versionEndIncluding": "7.0.2",
"versionStartIncluding": "7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortirecorder_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D3E33B56-1975-4B78-A157-E0EADB3BC1B7",
"versionEndIncluding": "6.0.10",
"versionStartIncluding": "2.6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortirecorder_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1CB7DEA7-E461-43B0-98EB-CE436DE87D98",
"versionEndIncluding": "6.4.2",
"versionStartIncluding": "6.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortiswitch:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C6E5A33E-F744-4CC0-ABA0-D1734845AFBB",
"versionEndIncluding": "6.4.9",
"versionStartIncluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortiswitch:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BB3C99AC-DCA1-44A0-9671-F424109A6038",
"versionEndIncluding": "7.0.3",
"versionStartIncluding": "7.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A buffer overflow [CWE-121] in the TFTP client library of FortiOS before 6.4.7 and FortiOS 7.0.0 through 7.0.2, may allow an authenticated local attacker to achieve arbitrary code execution via specially crafted command line arguments."
},
{
"lang": "es",
"value": "Un desbordamiento de b\u00fafer [CWE-121] en la biblioteca del cliente TFTP de FortiOS versiones anteriores a 6.4.7 y FortiOS versiones 7.0.0 hasta 7.0.2, puede permitir a un atacante local autenticado lograr una ejecuci\u00f3n de c\u00f3digo arbitrario por medio de argumentos de l\u00ednea de comandos especialmente dise\u00f1ados"
}
],
"id": "CVE-2021-42757",
"lastModified": "2024-11-21T06:28:06.653",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9,
"source": "psirt@fortinet.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-12-08T11:15:11.840",
"references": [
{
"source": "psirt@fortinet.com",
"tags": [
"Vendor Advisory"
],
"url": "https://fortiguard.com/advisory/FG-IR-21-173"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://fortiguard.com/advisory/FG-IR-21-173"
}
],
"sourceIdentifier": "psirt@fortinet.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
cve-2021-42755
Vulnerability from cvelistv5
Published
2022-07-18 16:35
Modified
2024-08-04 03:38
Severity ?
EPSS score ?
Summary
An integer overflow / wraparound vulnerability [CWE-190] in FortiSwitch 7.0.2 and below, 6.4.9 and below, 6.2.x, 6.0.x; FortiRecorder 6.4.2 and below, 6.0.10 and below; FortiOS 7.0.2 and below, 6.4.8 and below, 6.2.10 and below, 6.0.x; FortiProxy 7.0.0, 2.0.6 and below, 1.2.x, 1.1.x, 1.0.x; FortiVoiceEnterprise 6.4.3 and below, 6.0.10 and below dhcpd daemon may allow an unauthenticated and network adjacent attacker to crash the dhcpd deamon, resulting in potential denial of service.
References
| ▼ | URL | Tags |
|---|---|---|
| https://fortiguard.com/psirt/FG-IR-21-155 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Fortinet | Fortinet FortiSwitch, FortiRecorder, FortiVoiceEnterprise, FortiOS, FortiProxy |
Version: FortiSwitch 7.0.2 and below, 6.4.9 and below, 6.2.x, 6.0.x; FortiRecorder 6.4.2 and below, 6.0.10 and below; FortiOS 7.0.2 and below, 6.4.8 and below, 6.2.10 and below, 6.0.x; FortiProxy 7.0.0, 2.0.6 and below, 1.2.x, 1.1.x, 1.0.x; FortiVoiceEnterprise 6.4.3 and below, 6.0.10 and below |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:38:50.211Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://fortiguard.com/psirt/FG-IR-21-155"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Fortinet FortiSwitch, FortiRecorder, FortiVoiceEnterprise, FortiOS, FortiProxy",
"vendor": "Fortinet",
"versions": [
{
"status": "affected",
"version": "FortiSwitch 7.0.2 and below, 6.4.9 and below, 6.2.x, 6.0.x; FortiRecorder 6.4.2 and below, 6.0.10\u00a0and below; FortiOS 7.0.2 and below, 6.4.8\u00a0and below, 6.2.10 and below, 6.0.x; FortiProxy 7.0.0, 2.0.6 and below, 1.2.x, 1.1.x, 1.0.x; FortiVoiceEnterprise 6.4.3 and below, 6.0.10\u00a0and below"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An integer overflow / wraparound vulnerability [CWE-190] in FortiSwitch 7.0.2 and below, 6.4.9 and below, 6.2.x, 6.0.x; FortiRecorder 6.4.2 and below, 6.0.10 and below; FortiOS 7.0.2 and below, 6.4.8 and below, 6.2.10 and below, 6.0.x; FortiProxy 7.0.0, 2.0.6 and below, 1.2.x, 1.1.x, 1.0.x; FortiVoiceEnterprise 6.4.3 and below, 6.0.10 and below dhcpd daemon may allow an unauthenticated and network adjacent attacker to crash the dhcpd deamon, resulting in potential denial of service."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitCodeMaturity": "FUNCTIONAL",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"remediationLevel": "UNAVAILABLE",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 4.2,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:F/RL:U/RC:C",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-18T16:35:20",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://fortiguard.com/psirt/FG-IR-21-155"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@fortinet.com",
"ID": "CVE-2021-42755",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Fortinet FortiSwitch, FortiRecorder, FortiVoiceEnterprise, FortiOS, FortiProxy",
"version": {
"version_data": [
{
"version_value": "FortiSwitch 7.0.2 and below, 6.4.9 and below, 6.2.x, 6.0.x; FortiRecorder 6.4.2 and below, 6.0.10\u00a0and below; FortiOS 7.0.2 and below, 6.4.8\u00a0and below, 6.2.10 and below, 6.0.x; FortiProxy 7.0.0, 2.0.6 and below, 1.2.x, 1.1.x, 1.0.x; FortiVoiceEnterprise 6.4.3 and below, 6.0.10\u00a0and below"
}
]
}
}
]
},
"vendor_name": "Fortinet"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An integer overflow / wraparound vulnerability [CWE-190] in FortiSwitch 7.0.2 and below, 6.4.9 and below, 6.2.x, 6.0.x; FortiRecorder 6.4.2 and below, 6.0.10 and below; FortiOS 7.0.2 and below, 6.4.8 and below, 6.2.10 and below, 6.0.x; FortiProxy 7.0.0, 2.0.6 and below, 1.2.x, 1.1.x, 1.0.x; FortiVoiceEnterprise 6.4.3 and below, 6.0.10 and below dhcpd daemon may allow an unauthenticated and network adjacent attacker to crash the dhcpd deamon, resulting in potential denial of service."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "Low",
"attackVector": "Adjacent",
"availabilityImpact": "Low",
"baseScore": 4.2,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"userInteraction": "None",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:F/RL:U/RC:C",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://fortiguard.com/psirt/FG-IR-21-155",
"refsource": "CONFIRM",
"url": "https://fortiguard.com/psirt/FG-IR-21-155"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2021-42755",
"datePublished": "2022-07-18T16:35:20",
"dateReserved": "2021-10-20T00:00:00",
"dateUpdated": "2024-08-04T03:38:50.211Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-22297
Vulnerability from cvelistv5
Published
2023-03-07 16:04
Modified
2024-10-22 20:48
Severity ?
EPSS score ?
Summary
An incomplete filtering of one or more instances of special elements vulnerability [CWE-792] in the command line interpreter of FortiWeb version 6.4.0 through 6.4.1, FortiWeb version 6.3.0 through 6.3.17, FortiWeb all versions 6.2, FortiWeb all versions 6.1, FortiWeb all versions 6.0, FortiRecorder version 6.4.0 through 6.4.3, FortiRecorder all versions 6.0, FortiRecorder all versions 2.7 may allow an authenticated user to read arbitrary files via specially crafted command arguments.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Fortinet | FortiRecorder |
Version: 6.4.0 ≤ 6.4.3 Version: 6.0.0 ≤ 6.0.12 Version: 2.7.0 ≤ 2.7.7 |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:07:50.182Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://fortiguard.com/psirt/FG-IR-21-218",
"tags": [
"x_transferred"
],
"url": "https://fortiguard.com/psirt/FG-IR-21-218"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-22297",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T20:18:25.909669Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T20:48:26.477Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "FortiRecorder",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "6.4.3",
"status": "affected",
"version": "6.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.0.12",
"status": "affected",
"version": "6.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "2.7.7",
"status": "affected",
"version": "2.7.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FortiWeb",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "6.4.1",
"status": "affected",
"version": "6.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.3.17",
"status": "affected",
"version": "6.3.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.2.7",
"status": "affected",
"version": "6.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.3",
"status": "affected",
"version": "6.1.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.0.8",
"status": "affected",
"version": "6.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An incomplete filtering of one or more instances of special elements vulnerability [CWE-792] in the command line interpreter of FortiWeb version 6.4.0 through 6.4.1, FortiWeb version 6.3.0 through 6.3.17, FortiWeb all versions 6.2, FortiWeb all versions 6.1, FortiWeb all versions 6.0, FortiRecorder version 6.4.0 through 6.4.3, FortiRecorder all versions 6.0, FortiRecorder all versions 2.7 may allow an authenticated user to read arbitrary files via specially crafted command arguments."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:U/RC:C",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-792",
"description": "Information disclosure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-07T16:04:48.484Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.com/psirt/FG-IR-21-218",
"url": "https://fortiguard.com/psirt/FG-IR-21-218"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to FortiWeb version 7.0.0 or above,\r\nUpgrade to FortiWeb version 6.4.2 or above.\r\nUpgrade to FortiWeb version 6.3.18 or above.\r\nUpgrade to FortiRecorder version 7.0.0 or above\r\nUpgrade to FortiRecorder version 6.4.4 or above\n\u00a0"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2022-22297",
"datePublished": "2023-03-07T16:04:48.484Z",
"dateReserved": "2022-01-03T09:39:36.527Z",
"dateUpdated": "2024-10-22T20:48:26.477Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-41333
Vulnerability from cvelistv5
Published
2023-03-07 16:04
Modified
2025-02-13 16:33
Severity ?
EPSS score ?
Summary
An uncontrolled resource consumption vulnerability [CWE-400] in FortiRecorder version 6.4.3 and below, 6.0.11 and below login authentication mechanism may allow an unauthenticated attacker to make the device unavailable via crafted GET requests.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Fortinet | FortiRecorder |
Version: 6.4.0 ≤ 6.4.3 Version: 6.0.0 ≤ 6.0.11 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:42:46.201Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://fortiguard.com/psirt/FG-IR-22-388",
"tags": [
"x_transferred"
],
"url": "https://fortiguard.com/psirt/FG-IR-22-388"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/171766/FortiRecorder-6.4.3-Denial-Of-Service.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-41333",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-23T14:15:42.609720Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-23T14:31:29.673Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "FortiRecorder",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "6.4.3",
"status": "affected",
"version": "6.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.0.11",
"status": "affected",
"version": "6.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An uncontrolled resource consumption vulnerability [CWE-400] in FortiRecorder version 6.4.3 and below, 6.0.11 and below login authentication mechanism may allow an unauthenticated attacker to make the device unavailable via crafted GET requests."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:X/RC:R",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "Denial of service",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-10T19:06:24.732Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.com/psirt/FG-IR-22-388",
"url": "https://fortiguard.com/psirt/FG-IR-22-388"
},
{
"url": "http://packetstormsecurity.com/files/171766/FortiRecorder-6.4.3-Denial-Of-Service.html"
}
],
"solutions": [
{
"lang": "en",
"value": "Please upgrade to FortiRecorder version 7.0.0 or above\r\nPlease upgrade to FortiRecorder version 6.4.4 or above\r\nPlease upgrade to FortiRecorder version 6.0.12 or above"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2022-41333",
"datePublished": "2023-03-07T16:04:43.368Z",
"dateReserved": "2022-09-23T15:07:35.782Z",
"dateUpdated": "2025-02-13T16:33:04.755Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-42757
Vulnerability from cvelistv5
Published
2021-12-08 11:01
Modified
2024-08-04 03:38
Severity ?
EPSS score ?
Summary
A buffer overflow [CWE-121] in the TFTP client library of FortiOS before 6.4.7 and FortiOS 7.0.0 through 7.0.2, may allow an authenticated local attacker to achieve arbitrary code execution via specially crafted command line arguments.
References
| ▼ | URL | Tags |
|---|---|---|
| https://fortiguard.com/advisory/FG-IR-21-173 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Fortinet | Fortinet FortiOS |
Version: FortiOS before 6.4.7, FortiOS 7.0.0 through 7.0.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:38:50.116Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://fortiguard.com/advisory/FG-IR-21-173"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Fortinet FortiOS",
"vendor": "Fortinet",
"versions": [
{
"status": "affected",
"version": "FortiOS before 6.4.7, FortiOS 7.0.0 through 7.0.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A buffer overflow [CWE-121] in the TFTP client library of FortiOS before 6.4.7 and FortiOS 7.0.0 through 7.0.2, may allow an authenticated local attacker to achieve arbitrary code execution via specially crafted command line arguments."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitCodeMaturity": "PROOF_OF_CONCEPT",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"remediationLevel": "UNAVAILABLE",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 6.3,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Execute unauthorized code or commands",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-08T11:01:11",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://fortiguard.com/advisory/FG-IR-21-173"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@fortinet.com",
"ID": "CVE-2021-42757",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Fortinet FortiOS",
"version": {
"version_data": [
{
"version_value": "FortiOS before 6.4.7, FortiOS 7.0.0 through 7.0.2"
}
]
}
}
]
},
"vendor_name": "Fortinet"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A buffer overflow [CWE-121] in the TFTP client library of FortiOS before 6.4.7 and FortiOS 7.0.0 through 7.0.2, may allow an authenticated local attacker to achieve arbitrary code execution via specially crafted command line arguments."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "Low",
"attackVector": "Local",
"availabilityImpact": "High",
"baseScore": 6.3,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"integrityImpact": "High",
"privilegesRequired": "High",
"scope": "Unchanged",
"userInteraction": "None",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Execute unauthorized code or commands"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://fortiguard.com/advisory/FG-IR-21-173",
"refsource": "CONFIRM",
"url": "https://fortiguard.com/advisory/FG-IR-21-173"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2021-42757",
"datePublished": "2021-12-08T11:01:11",
"dateReserved": "2021-10-20T00:00:00",
"dateUpdated": "2024-08-04T03:38:50.116Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-6698
Vulnerability from cvelistv5
Published
2019-08-23 19:58
Modified
2024-10-25 14:29
Severity ?
EPSS score ?
Summary
Use of Hard-coded Credentials vulnerability in FortiRecorder all versions below 2.7.4 may allow an unauthenticated attacker with knowledge of the aforementioned credentials and network access to FortiCameras to take control of those, provided they are managed by a FortiRecorder device.
References
| ▼ | URL | Tags |
|---|---|---|
| https://fortiguard.com/advisory/FG-IR-19-185 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Fortinet FortiRecorder |
Version: FortiRecorder all versions below 2.7.4 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:31:03.603Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://fortiguard.com/advisory/FG-IR-19-185"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2019-6698",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-24T20:11:02.953973Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-25T14:29:00.440Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Fortinet FortiRecorder",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "FortiRecorder all versions below 2.7.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Use of Hard-coded Credentials vulnerability in FortiRecorder all versions below 2.7.4 may allow an unauthenticated attacker with knowledge of the aforementioned credentials and network access to FortiCameras to take control of those, provided they are managed by a FortiRecorder device."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Authentication Controls Bypass",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-23T19:58:39",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://fortiguard.com/advisory/FG-IR-19-185"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@fortinet.com",
"ID": "CVE-2019-6698",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Fortinet FortiRecorder",
"version": {
"version_data": [
{
"version_value": "FortiRecorder all versions below 2.7.4"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use of Hard-coded Credentials vulnerability in FortiRecorder all versions below 2.7.4 may allow an unauthenticated attacker with knowledge of the aforementioned credentials and network access to FortiCameras to take control of those, provided they are managed by a FortiRecorder device."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Authentication Controls Bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://fortiguard.com/advisory/FG-IR-19-185",
"refsource": "CONFIRM",
"url": "https://fortiguard.com/advisory/FG-IR-19-185"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2019-6698",
"datePublished": "2019-08-23T19:58:39",
"dateReserved": "2019-01-23T00:00:00",
"dateUpdated": "2024-10-25T14:29:00.440Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}